Chiencc / asuswrt-gt-ac5300


pcrepcre-8.31: 23 vulnerabilities (highest severity is: 9.8) - autoclosed #82

Closed mend-for-github-com[bot] closed 1 year ago

mend-for-github-com[bot] commented 1 year ago
Vulnerable Library - pcrepcre-8.31

PERL 5 regular expression pattern matching

Library home page: https://sourceforge.net/projects/pcre/

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Vulnerable Source Files (9)

/release/src/router/pcre-8.31/pcre_internal.h /release/src/router/pcre-8.31/pcre_compile.c /release/src/router/pcre-8.31/pcreposix.c /release/src/router/pcre-8.31/pcre_internal.h /release/src/router/pcre-8.31/pcre_compile.c /release/src/router/pcre-8.31/pcreposix.c /release/src/router/pcre-8.31/pcre_internal.h /release/src/router/pcre-8.31/pcre_compile.c /release/src/router/pcre-8.31/pcreposix.c

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (pcrepcre version) | Remediation Available |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2016-3191 | Critical | 9.8 | detected in multiple dependencies | Direct | PCRE - 8.39,PCRE2 - 10.22 | |
| CVE-2015-8391 | Critical | 9.8 | pcrepcre-8.31 | Direct | 8.38 | |
| CVE-2015-8390 | Critical | 9.8 | pcrepcre-8.31 | Direct | 8.38 | |
| CVE-2015-8383 | Critical | 9.8 | pcrepcre-8.31 | Direct | 8.38 | |
| CVE-2015-8394 | Critical | 9.8 | pcrepcre-8.31 | Direct | 8.38 | |
| CVE-2015-8386 | Critical | 9.8 | pcrepcre-8.31 | Direct | 8.38 | |
| CVE-2015-8389 | Critical | 9.8 | pcrepcre-8.31 | Direct | 8.38 | |
| CVE-2015-8393 | High | 7.5 | pcrepcre-8.31 | Direct | 8.38 | |
| CVE-2017-6004 | High | 7.5 | pcrepcre-8.31 | Direct | libpcre - 8.44 | |
| CVE-2019-20838 | High | 7.5 | pcrepcre-8.31 | Direct | 8.43 | |
| CVE-2014-9769 | High | 7.3 | pcrepcre-8.31 | Direct | N/A | |
| CVE-2015-8380 | High | 7.3 | pcrepcre-8.31 | Direct | 8.38 | |
| CVE-2015-8381 | High | 7.3 | pcrepcre-8.31 | Direct | PCRE - 8.38,PCRE2 - 10.2x | |
| CVE-2015-8392 | High | 7.3 | detected in multiple dependencies | Direct | 8.38 | |
| CVE-2015-8395 | High | 7.3 | pcrepcre-8.31 | Direct | 8.38 | |
| CVE-2015-2328 | High | 7.3 | pcrepcre-8.31 | Direct | 8.36 | |
| CVE-2015-8385 | High | 7.3 | pcrepcre-8.31 | Direct | 8.38 | |
| CVE-2015-2327 | High | 7.3 | pcrepcre-8.31 | Direct | 8.36 | |
| CVE-2015-8388 | High | 7.3 | pcrepcre-8.31 | Direct | 8.38 | |
| CVE-2015-8387 | High | 7.3 | pcrepcre-8.31 | Direct | 8.38 | |
| CVE-2015-8382 | Medium | 6.5 | pcrepcre-8.31 | Direct | 8.37 | |
| CVE-2014-8964 | Medium | 5.3 | pcrepcre-8.31 | Direct | pcre-debuginfo - 8.32-14,8.32-14;pcre-static - 8.32-14,8.32-14,8.32-14,8.32-14;pcre - 8.32-14,8.32-14,8.32-14,8.32-14,8.32-14;pcre-devel - 8.32-14,8.32-14,8.32-14,8.32-14;pcre-tools - 8.32-14,8.32-14 | |
| CVE-2020-14155 | Medium | 5.3 | pcrepcre-8.31 | Direct | 8.44 | |

Details

CVE-2016-3191

### Vulnerable Libraries - pcrepcre-8.31, pcrepcre-8.31, pcrepcre-8.31

### Vulnerability Details

The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.

Publish Date: 2016-03-17

URL: CVE-2016-3191

### CVSS 3 Score Details (9.8)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High


### Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2016-3191

Release Date: 2016-03-17

Fix Resolution: PCRE - 8.39,PCRE2 - 10.22

CVE-2015-8391

### Vulnerable Library - pcrepcre-8.31

PERL 5 regular expression pattern matching

Library home page: https://sourceforge.net/projects/pcre/

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (3)

/release/src/router/pcre-8.31/pcre_compile.c /release/src/router/pcre-8.31/pcre_compile.c /release/src/router/pcre-8.31/pcre_compile.c

### Vulnerability Details

The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

Publish Date: 2015-12-02

URL: CVE-2015-8391

### CVSS 3 Score Details (9.8)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High


### Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-8391

Release Date: 2015-12-02

Fix Resolution: 8.38

CVE-2015-8390

### Vulnerable Library - pcrepcre-8.31

PERL 5 regular expression pattern matching

Library home page: https://sourceforge.net/projects/pcre/

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (3)

/release/src/router/pcre-8.31/pcre_compile.c /release/src/router/pcre-8.31/pcre_compile.c /release/src/router/pcre-8.31/pcre_compile.c

### Vulnerability Details

PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

Publish Date: 2015-12-02

URL: CVE-2015-8390

### CVSS 3 Score Details (9.8)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High


### Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-8390

Release Date: 2015-12-02

Fix Resolution: 8.38

CVE-2015-8383

### Vulnerable Library - pcrepcre-8.31

PERL 5 regular expression pattern matching

Library home page: https://sourceforge.net/projects/pcre/

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (3)

/release/src/router/pcre-8.31/pcre_compile.c /release/src/router/pcre-8.31/pcre_compile.c /release/src/router/pcre-8.31/pcre_compile.c

### Vulnerability Details

PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

Publish Date: 2015-12-02

URL: CVE-2015-8383

### CVSS 3 Score Details (9.8)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High


### Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-8383

Release Date: 2015-12-02

Fix Resolution: 8.38

CVE-2015-8394

### Vulnerable Library - pcrepcre-8.31

PERL 5 regular expression pattern matching

Library home page: https://sourceforge.net/projects/pcre/

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (3)

/release/src/router/pcre-8.31/pcre_compile.c /release/src/router/pcre-8.31/pcre_compile.c /release/src/router/pcre-8.31/pcre_compile.c

### Vulnerability Details

PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

Publish Date: 2015-12-02

URL: CVE-2015-8394

### CVSS 3 Score Details (9.8)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High


### Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-8394

Release Date: 2015-12-02

Fix Resolution: 8.38

CVE-2015-8386

### Vulnerable Library - pcrepcre-8.31

PERL 5 regular expression pattern matching

Library home page: https://sourceforge.net/projects/pcre/

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (3)

/release/src/router/pcre-8.31/pcre_compile.c /release/src/router/pcre-8.31/pcre_compile.c /release/src/router/pcre-8.31/pcre_compile.c

### Vulnerability Details

PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

Publish Date: 2015-12-02

URL: CVE-2015-8386

### CVSS 3 Score Details (9.8)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High


### Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-8386

Release Date: 2015-12-02

Fix Resolution: 8.38

CVE-2015-8389

### Vulnerable Library - pcrepcre-8.31

PERL 5 regular expression pattern matching

Library home page: https://sourceforge.net/projects/pcre/

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (3)

/release/src/router/pcre-8.31/pcre_jit_compile.c /release/src/router/pcre-8.31/pcre_jit_compile.c /release/src/router/pcre-8.31/pcre_jit_compile.c

### Vulnerability Details

PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

Publish Date: 2015-12-02

URL: CVE-2015-8389

### CVSS 3 Score Details (9.8)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High


### Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-8389

Release Date: 2015-12-02

Fix Resolution: 8.38

CVE-2015-8393

### Vulnerable Library - pcrepcre-8.31

PERL 5 regular expression pattern matching

Library home page: https://sourceforge.net/projects/pcre/

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (3)

/release/src/router/pcre-8.31/pcregrep.c /release/src/router/pcre-8.31/pcregrep.c /release/src/router/pcre-8.31/pcregrep.c

### Vulnerability Details

pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.

Publish Date: 2015-12-02

URL: CVE-2015-8393

### CVSS 3 Score Details (7.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: None
  - Availability Impact: None


### Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-8393

Release Date: 2015-12-02

Fix Resolution: 8.38

CVE-2017-6004

### Vulnerable Library - pcrepcre-8.31

PERL 5 regular expression pattern matching

Library home page: https://sourceforge.net/projects/pcre/

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (2)

/release/src/router/pcre-8.31/pcre_jit_compile.c /release/src/router/pcre-8.31/pcre_jit_compile.c

### Vulnerability Details

The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression.

Publish Date: 2017-02-16

URL: CVE-2017-6004

### CVSS 3 Score Details (7.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High


### Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2017-6004

Release Date: 2017-02-16

Fix Resolution: libpcre - 8.44

CVE-2019-20838

### Vulnerable Library - pcrepcre-8.31

PERL 5 regular expression pattern matching

Library home page: https://sourceforge.net/projects/pcre/

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (3)

/release/src/router/pcre-8.31/pcre_jit_compile.c /release/src/router/pcre-8.31/pcre_jit_compile.c /release/src/router/pcre-8.31/pcre_jit_compile.c

### Vulnerability Details

libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.

Publish Date: 2020-06-15

URL: CVE-2019-20838

### CVSS 3 Score Details (7.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High


### Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20838

Release Date: 2020-06-15

Fix Resolution: 8.43

CVE-2014-9769

### Vulnerable Library - pcrepcre-8.31

PERL 5 regular expression pattern matching

Library home page: https://sourceforge.net/projects/pcre/

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (3)

/release/src/router/pcre-8.31/pcre_jit_compile.c /release/src/router/pcre-8.31/pcre_jit_compile.c /release/src/router/pcre-8.31/pcre_jit_compile.c

### Vulnerability Details

pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset.

Publish Date: 2016-03-28

URL: CVE-2014-9769

### CVSS 3 Score Details (7.3)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: Low
  - Availability Impact: Low


CVE-2015-8380

### Vulnerable Library - pcrepcre-8.31

PERL 5 regular expression pattern matching

Library home page: https://sourceforge.net/projects/pcre/

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (3)

/release/src/router/pcre-8.31/pcre_exec.c /release/src/router/pcre-8.31/pcre_exec.c /release/src/router/pcre-8.31/pcre_exec.c

### Vulnerability Details

The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

Publish Date: 2015-12-02

URL: CVE-2015-8380

### CVSS 3 Score Details (7.3)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: Low
  - Availability Impact: Low


### Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-8380

Release Date: 2015-12-02

Fix Resolution: 8.38

CVE-2015-8381

### Vulnerable Library - pcrepcre-8.31

PERL 5 regular expression pattern matching

Library home page: https://sourceforge.net/projects/pcre/

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (3)

/release/src/router/pcre-8.31/pcre_compile.c /release/src/router/pcre-8.31/pcre_compile.c /release/src/router/pcre-8.31/pcre_compile.c

### Vulnerability Details

The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\z(?|(?'R')(\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

Publish Date: 2015-12-02

URL: CVE-2015-8381

### CVSS 3 Score Details (7.3)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: Low
  - Availability Impact: Low


### Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-8381

Release Date: 2015-12-02

Fix Resolution: PCRE - 8.38,PCRE2 - 10.2x

CVE-2015-8392

### Vulnerable Libraries - pcrepcre-8.31, pcrepcre-8.31

### Vulnerability Details

PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395.

Publish Date: 2015-12-02

URL: CVE-2015-8392

### CVSS 3 Score Details (7.3)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: Low
  - Availability Impact: Low


### Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-8392

Release Date: 2015-12-02

Fix Resolution: 8.38

CVE-2015-8395

### Vulnerable Library - pcrepcre-8.31

PERL 5 regular expression pattern matching

Library home page: https://sourceforge.net/projects/pcre/

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (3)

/release/src/router/pcre-8.31/pcre_compile.c /release/src/router/pcre-8.31/pcre_compile.c /release/src/router/pcre-8.31/pcre_compile.c

### Vulnerability Details

PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392.

Publish Date: 2015-12-02

URL: CVE-2015-8395

### CVSS 3 Score Details (7.3)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: Low
  - Availability Impact: Low


### Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-8395

Release Date: 2015-12-02

Fix Resolution: 8.38

CVE-2015-2328

### Vulnerable Library - pcrepcre-8.31

PERL 5 regular expression pattern matching

Library home page: https://sourceforge.net/projects/pcre/

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (3)

/release/src/router/pcre-8.31/pcre_compile.c /release/src/router/pcre-8.31/pcre_compile.c /release/src/router/pcre-8.31/pcre_compile.c

### Vulnerability Details

PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

Publish Date: 2015-12-02

URL: CVE-2015-2328

### CVSS 3 Score Details (7.3)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: Low
  - Availability Impact: Low


### Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-2328

Release Date: 2015-12-02

Fix Resolution: 8.36

CVE-2015-8385

### Vulnerable Library - pcrepcre-8.31

PERL 5 regular expression pattern matching

Library home page: https://sourceforge.net/projects/pcre/

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (3)

/release/src/router/pcre-8.31/pcre_compile.c /release/src/router/pcre-8.31/pcre_compile.c /release/src/router/pcre-8.31/pcre_compile.c

### Vulnerability Details

PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

Publish Date: 2015-12-02

URL: CVE-2015-8385

### CVSS 3 Score Details (7.3)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: Low
  - Availability Impact: Low


### Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-8385

Release Date: 2015-12-02

Fix Resolution: 8.38

CVE-2015-2327

### Vulnerable Library - pcrepcre-8.31

PERL 5 regular expression pattern matching

Library home page: https://sourceforge.net/projects/pcre/

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (3)

/release/src/router/pcre-8.31/pcre_compile.c /release/src/router/pcre-8.31/pcre_compile.c /release/src/router/pcre-8.31/pcre_compile.c

### Vulnerability Details

PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

Publish Date: 2015-12-02

URL: CVE-2015-2327

### CVSS 3 Score Details (7.3)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: Low
  - Availability Impact: Low


### Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-2327

Release Date: 2015-12-02

Fix Resolution: 8.36

CVE-2015-8388

### Vulnerable Library - pcrepcre-8.31

PERL 5 regular expression pattern matching

Library home page: https://sourceforge.net/projects/pcre/

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (3)

/release/src/router/pcre-8.31/pcre_compile.c /release/src/router/pcre-8.31/pcre_compile.c /release/src/router/pcre-8.31/pcre_compile.c

### Vulnerability Details

PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

Publish Date: 2015-12-02

URL: CVE-2015-8388

### CVSS 3 Score Details (7.3)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: Low
  - Availability Impact: Low


### Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-8388

Release Date: 2015-12-02

Fix Resolution: 8.38

CVE-2015-8387

### Vulnerable Library - pcrepcre-8.31

PERL 5 regular expression pattern matching

Library home page: https://sourceforge.net/projects/pcre/

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (3)

/release/src/router/pcre-8.31/pcre_compile.c /release/src/router/pcre-8.31/pcre_compile.c /release/src/router/pcre-8.31/pcre_compile.c

### Vulnerability Details

PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

Publish Date: 2015-12-02

URL: CVE-2015-8387

### CVSS 3 Score Details (7.3)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: Low
  - Availability Impact: Low


### Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-8387

Release Date: 2015-12-02

Fix Resolution: 8.38

CVE-2015-8382

### Vulnerable Library - pcrepcre-8.31

PERL 5 regular expression pattern matching

Library home page: https://sourceforge.net/projects/pcre/

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (3)

/release/src/router/pcre-8.31/pcre_exec.c /release/src/router/pcre-8.31/pcre_exec.c /release/src/router/pcre-8.31/pcre_exec.c

### Vulnerability Details

The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.

Publish Date: 2015-12-02

URL: CVE-2015-8382

### CVSS 3 Score Details (6.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: Low
  - Integrity Impact: None
  - Availability Impact: Low


### Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2015-8382

Release Date: 2015-12-02

Fix Resolution: 8.37

CVE-2014-8964

### Vulnerable Library - pcrepcre-8.31

PERL 5 regular expression pattern matching

Library home page: https://sourceforge.net/projects/pcre/

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (3)

/release/src/router/pcre-8.31/pcre_exec.c /release/src/router/pcre-8.31/pcre_exec.c /release/src/router/pcre-8.31/pcre_exec.c

### Vulnerability Details

Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats.

Publish Date: 2014-12-16

URL: CVE-2014-8964

### CVSS 3 Score Details (5.3)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: Low


### Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2014-8964

Release Date: 2014-12-16

Fix Resolution: pcre-debuginfo - 8.32-14,8.32-14;pcre-static - 8.32-14,8.32-14,8.32-14,8.32-14;pcre - 8.32-14,8.32-14,8.32-14,8.32-14,8.32-14;pcre-devel - 8.32-14,8.32-14,8.32-14,8.32-14;pcre-tools - 8.32-14,8.32-14

CVE-2020-14155

### Vulnerable Library - pcrepcre-8.31

PERL 5 regular expression pattern matching

Library home page: https://sourceforge.net/projects/pcre/

Found in HEAD commit: 0c45ce909374d16605095db4fce9a89b9b6bafd5

Found in base branch: master

### Vulnerable Source Files (3)

/release/src/router/pcre-8.31/pcre_compile.c /release/src/router/pcre-8.31/pcre_compile.c /release/src/router/pcre-8.31/pcre_compile.c

### Vulnerability Details

libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.

Publish Date: 2020-06-15

URL: CVE-2020-14155

### CVSS 3 Score Details (5.3)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: Low


### Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14155

Release Date: 2020-06-15

Fix Resolution: 8.44

mend-for-github-com[bot] commented 1 year ago

ℹ️ This issue was automatically closed by Mend because it is a duplicate of an existing issue: #83
